Kumari.net

Creating a new cert using my CA

I run my own personal CA, so that I can issue certificates for internal and management services, such as Dell iDRAC web interfaces, web connected terminal servers, internal Grafana and Prometheus, etc.

Originally I was using OpenSSL’s CA functionality, but I recently moved to using Smallstep CA as it is much friendlier.

It is not meant to be a comprehensive guide, but rather a quick reference for myself and so I can copy and paste.

Creating a certificate

To create a certificate, you can use the `step` CLI tool. The basic command is:

$ step ca certificate --offline --san localhost --san example.com 192.0.2.1 test.example.com.crt test.example.com.key

Inspecting a certificate

To inspect a certificate, you can use the `step certificate inspect` CLI tool.

The basic command:

$ step certificate inspect --short test.example.com.crt                                                   
X.509v3 TLS Certificate (ECDSA P-256) [Serial: 2898...3200]
  Subject:     127.0.0.1
  Issuer:      Kumari Intermediate CA
  Provisioner: warren@example.com [ID: Odw5...Aisg]
  Valid from:  2026-03-08T08:11:53Z
          to:  2036-03-05T08:12:53

List issued certificates

To list issued certificates, you can use the `step ca list` CLI tool. The basic command:

step-badger  x509Certs ~/.step/db  
Serial number                            Subject             Start                 Finish                Validity
302993289828619663782218509723082042948  CN=text.kumari.net  2026-03-08T04:05:50Z  2026-03-09T04:06:50Z  Valid
288747816944534935195190911414687768787  CN=text.kumari.net  2026-03-08T04:06:41Z  2026-03-09T04:07:41Z  Valid
256594984883023829367820058718959011064  CN=text.kumari.net  2026-03-08T04:13:24Z  2026-03-09T04:14:24Z  Valid
110820592971243850069853866489777680598  CN=text.kumari.net  2026-03-08T04:18:56Z  2026-03-09T04:19:56Z  Valid
290518310107845670357853935107535723354  CN=text.kumari.net  2026-03-08T04:19:50Z  2026-03-09T04:20:50Z  Valid
185857471328644270079771979276526259328  CN=text.kumari.net  2026-03-08T04:24:13Z  2036-03-05T04:25:13Z  Valid
289868830197733569134057562717999143200  CN=127.0.0.1        2026-03-08T08:11:53Z  2036-03-05T08:12:53Z  Valid
210934104339491430029165189931100840639  CN=127.0.0.1        2026-03-08T08:41:06Z  2036-03-05T08:42:06Z  Valid
28982137696241536685507136660775104074   CN=127.0.0.1        2026-03-08T08:43:38Z  2036-03-05T08:44:38Z  Valid

Blog